Re: prevent invalidly encoded input
| From | Tom Lane |
|---|---|
| Subject | Re: prevent invalidly encoded input |
| Date | |
| Msg-id | 15042.1189533969@sss.pgh.pa.us |
| In reply to | prevent invalidly encoded input (Andrew Dunstan <andrew@dunslane.net>) |
| Responses | Re: prevent invalidly encoded input |
| List | pgsql-patches |
Andrew Dunstan <andrew@dunslane.net> writes:
> Attached is a patch to the scanner and the COPY code that checks for
> invalidly encoded data that can currently leak into our system via \
> escapes in quoted literals or text mode copy fields, as recently
> discussed. That would still leave holes via chr(), convert() and
> possibly other functions, but these two paths are the biggest holes that
> need plugging.

The COPY code looks sane. On the scan.l change, I believe two out of
three of those calls are useless, because we do not do backslash
processing in dollar-quoted strings nor in quoted identifiers.

Also, I'd kinda like to have the check-for-high-bit optimization in
scan.l too --- some people do throw big literals at the thing.

regards, tom lane
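
The check-for-high-bit optimization mentioned in the message, sketched as an added example (not code from the patch or from PostgreSQL): a literal that has been through backslash-escape processing is scanned for any byte with the high bit set, and the full encoding check runs only if one is found. It assumes the encoding is UTF-8; the function names `has_high_bit`, `utf8_valid` and `literal_is_valid` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Fast path: true if any byte is non-ASCII (high bit set). */
static bool has_high_bit(const unsigned char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (s[i] & 0x80)
            return true;
    return false;
}

/* Strict UTF-8 check (assumed encoding): rejects stray continuation bytes,
 * truncated sequences, overlong forms, surrogates and values > U+10FFFF. */
static bool utf8_valid(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = s[i];
        size_t n;
        unsigned int cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { n = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
        else return false;               /* invalid lead byte */
        if (len - i <= n) return false;  /* truncated sequence */
        for (size_t k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return false;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return false;
        i += n + 1;
    }
    return true;
}

/* Validate a literal after escape processing; pure ASCII skips the decoder. */
bool literal_is_valid(const unsigned char *s, size_t len)
{
    return !has_high_bit(s, len) || utf8_valid(s, len);
}

int main(void)
{
    /* Constructed samples: valid UTF-8, then a lone 0xE9 as an octal escape. */
    printf("%d\n", literal_is_valid((const unsigned char *)"caf\xC3\xA9", 5));
    printf("%d\n", literal_is_valid((const unsigned char *)"caf\351", 4));
    return 0;
}
```

For large all-ASCII literals the only cost is the single pass in `has_high_bit`, which is the case the message is concerned about.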